Hi there, I've noticed that my laptop has been encountering problems of Explorer closing by itself recently... and just browsing through the Task Manager, I found 2 unfamiliar processes.

Did a little Googling on them and found that they could be harmful to my system. Thus I followed the Malware Removal Guide from this forum hoping to fix the problem.

*PS. While executing the ComboFix step, everything is running well, all the way until it prompts
"
Almost done. . This window will close in a short while
Please wait a few seconds for the report log to pop up

ComboFix's log shall be located at C:\ComboFix.txt
"

Then the Blue Screen Of Death just occurred and my system rebooted by itself.

After which I found that the log file is located at "C:\ComboFix\ComboFix.txt" instead of the root directory.

Use Windows Explorer to find and delete:
C:\WINDOWS\system32\FsUsbExService.Exe

Now go to start / run / type "services.msc" without quotes and scroll down to:
FsUsbExService
then right click the entry, select Properties and press Stop Service.
* When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
* Click OK until you get back to Windows.

Next, run C:\MGtools\analyse.exe, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices.
* At the lower right, click on the Config button
* Then click the Misc tools button
* Select Delete an NT Service
* Copy/paste FsUsbExService into the box that opens, and press OK
* If you receive any error messages just ignore them and continue.
After clicking Fix, exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
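
Added example, not part of the original posts: a read-only PowerShell check that the three cleanup steps above (file deleted, service stopped and disabled, service entry deleted) actually took effect. The service name and file path come from the post; the registry location and the use of `$env:windir` for C:\WINDOWS are assumptions about a standard Windows install.

```powershell
# Added example: read-only verification, makes no changes to the system.
# Service name and file name are taken from the post above; the registry
# path is the standard location where Windows stores service definitions.
$name   = 'FsUsbExService'
$binary = Join-Path $env:windir 'system32\FsUsbExService.Exe'
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

$findings = @()

# 1. Is the service still registered with the Service Control Manager?
$svc = Get-Service -Name $name -ErrorAction SilentlyContinue
if ($svc) {
    $findings += "Service still registered (status: $($svc.Status))"
}

# 2. Is the service key still in the registry? A key that survives the
#    delete step can mean the deletion is pending until the next reboot.
if (Test-Path $regKey) {
    $props = Get-ItemProperty -Path $regKey
    # Start values: 2 = Automatic, 3 = Manual, 4 = Disabled
    $findings += "Registry key present (Start=$($props.Start), ImagePath=$($props.ImagePath))"
}

# 3. Is the executable still on disk?
if (Test-Path $binary) {
    $findings += "File still present: $binary"
}

if ($findings.Count -eq 0) {
    Write-Output "${name}: no service entry, registry key, or file found."
} else {
    Write-Output "${name}: cleanup incomplete:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```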

That took care of it....as to what it is, I don't know, other than it is just beginning to show up.

Run CCleaner (both the cleaner and the registry - making the backup when prompted) followed by ATF Cleaner by Atribune.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.

"%userprofile%\Desktop\combofix" /u

Note: The space between the combofix" and the /u must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

Hi TimW, everything went smoothly after following your instructions. However I have one last problem here - I am unable to remove the recovery console which was installed during the ComboFix phase.

I followed the instructions given at http://support.microsoft.com/kb/307654 on how to remove it. I was able to remove the cmldr but was unable to delete cmdcons folder. Error prompt was "access is denied". I managed to edit boot.ini to remove the boot sequence and system is able to start normally, but the cmdcons folder is still hidden in my root directory. Is there any way to remove it?

I would not be concerned about removing that folder. And did you remove the recovery console just to make a faster boot up? Not having that installed could leave you in serious trouble if you ever lose your CD.